Infected computer

  • Joined: 28 Oct 2008
  • Posts: 312

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:34 PM, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\korisnik\Desktop\septembar\TR.3exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 3853 bytes

Update: 10 Nov 2008 17:28

The scan showed that 4 cases were found, of which 2 were neutralised. What now?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

The posted log is clean.

What did you scan with, and what is it that was not removed (I am interested in the names of the files that were detected)?
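As an added illustration (not code from the thread or from any of its participants), a small Python triage helper for logs in the HijackThis v2 format posted above: it parses the Running processes list and the O-numbered entries, then flags processes running outside the Windows and Program Files directories and O23 services reported with an unknown owner, the two things a log reviewer looks at first. The sample log is constructed from a few lines of the posted log; the trusted-directory list is an assumption for an English-language XP install.

```python
import re

# Constructed sample in HijackThis v2 log format (excerpt modelled on the thread's log).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Eset\\nod32krn.exe
C:\\Documents and Settings\\korisnik\\Desktop\\septembar\\TR.3exe.exe

O4 - HKLM\\..\\Run: [nod32kui] "C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O4 - HKCU\\..\\Run: [ares] "C:\\Program Files\\Ares\\Ares.exe" -h
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
O23 - Service: GEST Service (GEST Service) - Unknown owner - C:\\Program Files\\GIGABYTE\\GEST\\GSvr.exe
"""

# Assumed "normal" locations for an English XP install; adjust for localised paths.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def parse_hjt(text):
    """Return (processes, entries): process paths and (section, payload) pairs."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            # The process list ends at the first blank line.
            if not line.strip():
                in_procs = False
            else:
                processes.append(line.strip())
            continue
        m = re.match(r"^(O\d+|R\d) - (.*)$", line)  # e.g. "O23 - Service: ..."
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text):
    """Flag processes outside trusted dirs and O23 services with an unknown owner."""
    processes, entries = parse_hjt(text)
    findings = []
    for p in processes:
        if not p.lower().startswith(TRUSTED_DIRS):
            findings.append(("process-outside-trusted-dirs", p))
    for section, payload in entries:
        if section == "O23" and "Unknown owner" in payload:
            # The service image path is the last " - " separated field.
            findings.append(("service-unknown-owner", payload.split(" - ")[-1]))
    return findings
```

A flagged entry is a starting point for a manual check, not a verdict; the Desktop executable and the unsigned-vendor services in the posted log are exactly what this surfaces.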

  • Joined: 28 Oct 2008
  • Posts: 312

NOD 32 - Scanner Logs, Infected 4, clean 2

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I was hoping it would be a bit more precise, but fine...

Let's see what is going on there.

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right pane, untick the option File system monitor (AMON) enabled.
* Turning this option off will be shown by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on when the cleaning is finished.


-------------------------------------------------------------------------------------


Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the instructions on screen. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

  • Joined: 28 Oct 2008
  • Posts: 312

I have no other information, maybe I deleted it.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Quite all right... Just follow the instructions given above.

  • Joined: 28 Oct 2008
  • Posts: 312

ComboFix 08-11-09.04 - korisnik 2008-11-10 18:42:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.574 [GMT 1:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\korisnik\LOCALS~1\Temp\install_flash_player.exe
c:\windows\system32\Cfx32.lic
c:\windows\system32\cfx32.ocx

.
((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-05 16:14 . 2008-11-05 16:14 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-05 13:47 . 2008-11-05 13:47 <DIR> d-------- c:\documents and settings\korisnik\Application Data\Malwarebytes
2008-11-05 13:47 . 2008-11-05 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 13:36 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-05 13:36 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-05 13:35 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-05 13:35 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-05 13:35 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-05 13:35 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-05 00:16 . 2008-11-05 16:14 <DIR> d--h----- c:\windows\$hf_mig$
2008-10-12 15:06 . 2008-10-12 15:10 <DIR> d-------- c:\program files\AIMP2
2008-10-12 12:47 . 2008-10-12 15:10 <DIR> d-------- c:\program files\YouTube Downloader
2008-10-12 10:23 . 2008-10-12 12:41 <DIR> d-------- c:\program files\weblin
2008-10-12 10:21 . 2008-10-12 12:41 <DIR> d-------- c:\documents and settings\korisnik\Application Data\zweitgeist

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 16:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 21:04 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-17 19:25 --------- d-----w c:\program files\Winamp
2008-10-06 18:34 --------- d-----w c:\program files\Google
2008-10-03 19:14 --------- d-----w c:\documents and settings\korisnik\Application Data\AdobeUM
2008-09-24 12:19 --------- d-----w c:\program files\Microsoft SQL Server
2008-09-24 12:18 --------- d-----w c:\program files\Microsoft.NET
2008-09-24 12:16 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-09-24 12:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-24 11:36 --------- d-----w c:\program files\Borland
2008-09-23 16:28 --------- d-----w c:\program files\ESET
2008-09-23 13:05 --------- d-----w c:\program files\Common Files\Borland Shared
2008-09-23 12:52 --------- d-----w c:\program files\Rockstar Games
2008-09-21 19:41 --------- d-----w c:\program files\City Interactive
2008-09-21 19:35 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-16 19:33 --------- d-----w c:\documents and settings\korisnik\Application Data\Media Player Classic
2008-09-16 18:49 --------- d-----w c:\documents and settings\korisnik\Application Data\CyberLink
2008-09-16 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-12 14:50 16,608 ----a-w c:\windows\gdrv.sys
2008-09-12 14:49 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-09-12 14:49 298,104 ----a-w c:\windows\system32\imon.dll
2008-09-12 14:49 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-09-12 14:48 --------- d-----w c:\program files\Microsoft ActiveSync
2008-09-12 14:48 --------- d-----w c:\program files\Common Files\L&H
2008-09-12 14:47 --------- d-----w c:\program files\Microsoft Works
2008-09-12 14:45 --------- d-----w c:\program files\totalcmd
2008-09-12 14:45 --------- d-----w c:\program files\Common Files\Ahead
2008-09-12 14:45 --------- d-----w c:\program files\Ahead
2008-09-12 14:44 --------- d-----w c:\program files\ACD
2008-09-12 14:43 --------- d-----w c:\program files\Common Files\Adobe
2008-09-12 14:42 --------- d-----w c:\program files\Webteh
2008-09-12 14:42 --------- d-----w c:\program files\Opera
2008-09-12 14:42 --------- d-----w c:\program files\FLV Player
2008-09-12 14:41 --------- d-----w c:\program files\CyberLink
2008-09-12 14:40 --------- d-----w c:\program files\K-Lite Codec Pack
2008-09-12 14:39 --------- d-----w c:\documents and settings\korisnik\Application Data\ATI
2008-09-12 14:39 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-09-12 14:23 --------- d-----w c:\program files\My Company Name
2008-09-12 14:23 --------- d-----w c:\program files\ATI Technologies
2008-09-12 14:21 --------- d-----w c:\program files\Common Files\ATI Technologies
2008-09-12 14:18 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-12 14:15 --------- d-----w c:\program files\Realtek
2008-09-12 14:15 --------- d-----w c:\documents and settings\korisnik\Application Data\InstallShield
2008-09-12 14:13 315,392 ----a-w c:\windows\HideWin.exe
2008-09-12 14:11 --------- d-----w c:\program files\Intel
2008-09-12 14:11 --------- d-----w c:\program files\GIGABYTE
2008-09-12 14:04 --------- d-----w c:\program files\microsoft frontpage
2008-08-20 05:38 659,456 ----a-w c:\windows\system32\wininet.dll
2008-08-14 09:58 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:22 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-02-23 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-12 949376]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [1998-03-12 1781248]
S3 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [1998-03-12 193536]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\3yngy0s6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about blank
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 18:43:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-10 18:43:59
ComboFix-quarantined-files.txt 2008-11-10 17:43:46

Pre-Run: 65,031,966,720 bytes free
Post-Run: 65,098,850,304 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Update: 10 Nov 2008 18:49

I have turned AMON on now.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks clean.

Run the scan with NOD again. If it detects anything that it cannot remove, write here what it is (the file names are needed).

  • Joined: 28 Oct 2008
  • Posts: 312

File C:\System Volume Information\_restore{919908B6-37D6-4AB5-B0A5-50EFC557E647}\RP42\A0023951.exe is infected with a variant of Win32/Adware.XPAntivirus.AD application. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed

Update: 10 Nov 2008 19:17

What should I press, there are some options there?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

If there is a Delete option, choose it.

Anyway... These are files in System Restore, and they will be deleted by the following procedure:
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

After this there should no longer be any of those detections.
